Re: using efs

From: Kelvin Yiu [MSFT] (kelviny_at_online.microsoft.com)
Date: 10/20/03 

Date: Mon, 20 Oct 2003 10:53:20 -0700

Did you encrypt your user profile (everything under C:\documents and
settings\[user name]) or just the "My Documents" folder?

EFS does not support encryption of the user profile.

Kelvin 

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Ward Taylor" <wardtayl@st-tel.net> wrote in message
news:e$1Ql9ylDHA.2012@TK2MSFTNGP12.phx.gbl...
> Hi:
> I would like to use win2k's built-in file encryption efs to encrypt the my
> documents folder on my laptop.
> When I do this though, if I access an encrypted file during a session,
when
> I shutdown or logoff, it hangs at "saving your settings" for about a
minute.
> Then, examination of the event log shows this message:
>
> Event Type: Error
> Event Source: Userenv
> Event Category: None
> Event ID: 1000
> Date:  10/16/2003
> Time:  5:23:34 PM
> User:  NT AUTHORITY\SYSTEM
> Computer:
> Description:
> Windows cannot unload your registry file.  If you have a roaming profile,
> your settings are not replicated. Contact your administrator.
>
> DETAIL - Access is denied. , Build number ((2195)).
> I do not have a domain account or a roaming user profile.  My user account
> is local to the machine.
> Further troubleshooting indicates that lsass.exe is holding a registry key
> open in my user hive.
> Anyone have any thoughts on this?
> Hp laptop, win2k sp4, latest patches.
> Even though I have sp4, it has acted like this always.
> Thanks
>
>

Relevant Pages

  • Re: Encrypt profile directory
    ... You should not encrypt the whole user profile because the user's private key ... folder or appropriate subfolder if you need to encrypt emails. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Home Folder
    ... explains a roaming user profile that uses the profile path setting. ... and 'home' folder'??. ... >> such as cdrom/DVD disks as hard drives DO fail. ... >> are using EFS to encrypt files in XP Pro you MUST backup your EFS ...
    (microsoft.public.windowsxp.security_admin)
  • Re: deleted user remains
    ... to encrypt the file, i am rigtht click, properties, advanced, "encrypt ... properties/advanced - user profile settings, ... account "User 1", encryt it, and deny other users access. ... the users that can access are local administrators. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: EFS files
    ... So there is no possible way to recover those ... encrypt your files was stored in your user profile. ... Since you reformatted your hard drive you destroyed your user profile and the EFS certificate/private key and without such there is no way to access your EFS files unless you are in an Active Directory domain that had a Recovery Agent configured for EFS or you had previously backed up your EFS certificate/private key to a password protected .pfx file in external media to use in situations like you are in now to access your files. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security of Windows XP for remote users
    ... You need 3rd party software to encrypt the whole hard drive. ... With the built in encryption, EFS, the key to decrypt is stored in the user profile. ... Do I have to do it folder by folder? ... > the flight company simply lose them. ...
    (microsoft.public.windowsxp.general)